Archive for the ‘Security’ Category
February 17th, 2011 by Valiant
While speaking to various organizations, I am constantly amazed at the lack of concern for protecting a business’ online presence. I offer a two hour session that focuses on finding personal information online, which begins to open the eyes of Management, but that was not cutting it. I have developed a new course that will concentrate on protecting a business from an internet view.
This interactive session identifies and demonstrates several methods of searching for information about a company online. This should be conducted monthly by any business that has an online presence. These queries will discover publicly available information that could harm an organization. A sample of topics includes locating complaints about service, employee information, comments from individuals, photos that can be tracked to the company, employee activity online, employee profiles, private emails, inaccurate information, common network vulnerabilities, confidential documents, user names and passwords, and even private customer data. Previous demonstrations have displayed that entire drives full of sensitive company documents were visible online by anyone with an internet connection. Solutions to solve all of these issues will be presented, as well as direct links to the sites that will help one identify the problems.
In a previous post (LINK HERE), I discussed how Peer to Peer software on ANY machine in a business could leak sensitive data to anyone on the internet. These programs, such as Kazaa, Limewire, and BearShare, are very common and usually used to download music. These programs also share data by default, and expose your sensitive information.
As another example, I explain how Meta Data within your documents on your web server may be exposing a lot of information about your employees, your computer systems, and the software that you are using (which exposes serious vulnerabilities). The last location where I presented this information exposed several forgotten documents that were still online which identified several user names, email addresses, illegal pirated applications, server names and directories, copy machine information, and even evidence of plagiarism and theft of intellectual property. This demonstration was conducted from scratch using free software, and completed in less than four minutes.
In total, I display over fifty resources that will help keep your online presence in a form that will benefit the business. I highly recommend that this session is presented to both Management and the individual(s) that will be conducting the inquiries. In order to view the complete presentation, a minimum of two hours is needed.
February 14th, 2011 by Nick Fishman
Insights about hot topics that hiring professionals need to watch in the coming year
Discrimination issues, global screening, contractors, credit checks, social networking and a tsunami of legislation headline the 2011 list of top background screening trends from EmployeeScreenIQ. Since 2007, we’ve developed an annual list for HR professionals and executives; this year’s picks are designed to equip hiring professionals with advance information on crucial screening topics before they become everyday news. Without further adieu, the top nine trends for 2011 include:
1 – EEOC takes aggressive action toward employment background checks. The Equal Employment Opportunity Commission (EEOC) has increased their scrutiny of hiring practices, exposing employers to a greater risk of discrimination lawsuits. The EEOC is especially targeting “bright line” hiring decisions that automatically exclude candidates with criminal records, arrest Continue Reading…
February 7th, 2011 by Bob Hayes
This monthly newsletter keeps you up-to-date on the latest Security Executive Council initiatives and their efforts to help make security and risk executives more successful and productive. Content includes career issues, strategic planning, industry research, measures and metrics, emerging trends watch, advice from former security executives and much more.
https://www.securityexecutivecouncil.com/survey/index.php?sid=92744
February 4th, 2011 by Kathy Phillips
Safety Techniques in Backing Up
Especially during the busy holiday season when everyone is rushing in and out of parking garages and structures it is even more important to be aware of our surroundings. When valet attendants and patrons are pulling in and out of parking spots and rushing the risk of accidents increases.
One out of every four accidents can be blamed on Continue Reading…
February 3rd, 2011 by Kathy Phillips
Oil Spill Containment and Clean Up
As operators of parking facilities, you should have plans to clean up oil spill caused by vehicles and equipment that may have leaks for various reasons. Plans should include:
- Daily Inspections
- Assembly of a clean up kit
- Written safe practices
- Employee training
- Documentation of activities
The following will outline items suggested and methods for safe clean up and Continue Reading…
January 31st, 2011 by Valiant
On December 13, former Governor David Paterson signed into law Senate Bill 8380, the Wage Theft Prevention Act, which expands wage notice and recordkeeping requirements for employers, increases penalties for employers that fail to pay full wages due, and expands the state’s enforcement powers.
Effective April 12, 2011, employers must provide a written notice to all employees both at hiring and annually on or before February 1 that includes the rate plus the basis of pay, whether by the hour, shift, day, piece, salary, commission, or other basis; any allowances, such as tips, meals, or lodging, claimed as part of the minimum wage; and the employer’s address, phone number, and any “doing business as” names, among other information.
Employers must obtain Continue Reading…
January 24th, 2011 by Kathy Phillips
Terrorists often use parked cars or trucks to carry, conceal or serve as bombs. For that reason, local government officials are turning to the new, no-cost, First Observer parking-specific training program that utilizes parking professionals as foot soldiers in the war on terrorism, according to a press release issued by the International Parking Institute (IPI) on Jan. 20.
Funded by the U.S. Department of Homeland Security and the Transportation Security Administration, the parking module of First Observer was developed with the help of Continue Reading…
January 17th, 2011 by Steve Amitay
As reported last month, FPS officials are in the midst of a priority effort to explore options to improve and standardize the training for contract Protective Security Officers (PSO’s). Such improvements could likely involve an increase the number of training hours (from the current 128 hours) and a change in the method of the delivery of training. When I met with FPS working on this “national training initiative” in mid-December, FPS was focusing on one option that would increase PSO training to over 300 hours by essentially adopting with some modifications the current FLETC provided training program for Infrastructure Protection Officers. However, since then, FPS has further reviewed the issues related to adopting the IPO training program and has received additional input from interested parties. FPS has also continued to drill down on what specific training is necessary to cover the critical tasks of an PSO as identified in the recent comprehensive “job task analysis”. As a result, Continue Reading…
December 21st, 2010 by Steve Amitay
On Thursday December 16, on behalf of NASCO and the contract guard industry, I had a meeting at FPS with officials working on a “pre-decisional” proposal to increase and “federalize” (through utilization of FLETC) the initial training for FPS contract “Protective Security Officers” (PSO’s). Improving training to provide better protection for persons at FPS guarded federal facilities is the “ highest priority” for new FPS Director Eric Patterson and there is a strong belief at FPS that to accomplish this goal training must be standardized as well as increased. The officials noted that if all PSO’s receive the same exact training, this will provide for “uniform protection” and instill confidence in the public and federal workers that there is “no doubt” that all PSO’s are well trained. The improved/increased training, as well as better compensation envisioned for officers, will create a more “professionalized” security officer force with PSO’s “committed to their profession.”
The proposal, called the “National Training Initiative”, is being developed by officials in the FPS National Capital Region. As currently being considered, it would increase PSO training significantly from Continue Reading…
December 16th, 2010 by Valiant
Scanning an eye to gain access to a computer or building may seem like a futuristic technology from the latest action movie, but it is very real, and it’s being used all over the world. The process of electronically identifying people using physical measurements of individual human characteristics is called biometrics, or biometry.
A biometric reader uses unique human characteristics that are permanent and able to be scanned. As long as the feature does not change throughout time and can be collected accurately by a sensor, it is can be used as a source of biometric identification. All sorts of individual parts of the body can be used in biometrics, including facial features like irises, fingers, hands, and even veins. The shape and speed of a person’s signature can be used as biometric identification, as well as his or her voice.
Enrollment occurs when biometric readers digitally process representations of individual human measurements in a template. Templates are stored in two ways – either on a smartcard that an employee can possess or a device database. Identification occurs when an employee scans a bodily feature, such as an eye, finger, or hand, and is identified when the biometric reader matches the scan to a stored template. The process of verification occurs when an employee uses a smartcard, token, or login to let the biometric reader compare a previously stored template to a new scan.
Biometrics has a triple role in the workplace. Not only does it eliminate the need for any additional identifying information that is easily lost like a badge, card, code, or password, but it also prevents time fraud, or buddy punching. Buddy punching is the practice of having an employee’s friend swipe him or her in, allowing the employee to arrive late with no consequence. Since a biometric reader uses a pre-stored geometric template of an employee’s finger or hand to validate his or her identity, it renders buddy punching impossible. A biometric reader can also act as a security device, preventing people who are not authorized from entering restricted areas of the workplace.
Recent Visitor Comments